On Fri, 21 Oct 2016, Banana Man wrote:
> I didn't want to confuse things, but I'm actually using a NAT with this tunnel (as well as several others on this machine). So left= is a different value (my machine's real IP) than leftsubnet= and leftsourceip=, which are the NAT address. So I think I need to set both of those. I have always used 255.255.255.255 in the subnet settings to restrict to the single IP, is this not advisable? I only want access to the machine I'm starting the tunnel on, not the whole subnet.

Ok, if leftsubnet is an IP different from left that is fine. That did not show in your posted config.

If you are behind NAT, ensure you have the shorter ikelifetime= so you are always the end rekeying first.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
